The errata in from the repo doesn’t seem to be associated correctly by foreman. For CESA-2022:0274 polkit-0.112-26.el7_9.1.x86_64.rpm seem to be the solution package which has the vulnerability fixed. So the errata should show all hosts that need to upgraded to that package. For example polkit-0.112-11.el7_3.x86_64 which should be shown as a security errata for that packages simply gets registered to a package which need to be upgraded and not showing errata properly.
I’ve created a separate post regarding that issue but so far no solutions have been provided. I don’t know wether the issue lies in xml file, the script that processes it or in how foreman handles errata from local repos. Errata is shown correctly atleast with AlmaLinuxes.